Privacy Policy HQW Precision GmbH
As of February 24, 2022
1. SUBJECT MATTER AND SCOPE OF APPLICATION
We take the protection of your personal data very seriously. With this data protection information, we inform you which personal data we collect and how and for what purposes it is processed. We always treat your personal data in accordance with the statutory data protection regulations and this Privacy Policy.
2. CONTROLLER
The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) and other data protection regulations is: HQW Precision GmbH, Alter Teichweg 17, 22081 Hamburg, Germany, Phone: +49 (0)9367 98408 0, E-mail: info@hqw.gmbh.
Contact details of the data protection officer:
Our data protection officer is DataCo GmbH, Nymphenburger Str. 86, 80636 München, Germany, Phone: +49 (0)89 7400 45840, www.dataguard.de.
Please feel free to contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.
3. VISITING OUR WEBSITE
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your terminal device.
Ensuring the confidentiality and integrity of the personal data processed with our IT systems is of great importance to us. The data is also used to correct website errors.
For these purposes the following data will be logged:
- IP address of the calling computer
- Operating system of the calling computer
- Browser version of the calling computer
- Name of the retrieved file
- Date and time of retrieval
- Transferred amount of data
- Referring URL
These data are regularly deleted after a few days.
Our websites are hosted by a service provider on the basis of a data processing agreement in accordance with Art. 28 GDPR.
The legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data.
4. CONTACT
If you contact us to request information or documents, the information you provide will be stored for the purpose of processing your request.
The legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our predominant legitimate interest is the communication with our interested parties, visitors and customers.
If the purpose of establishing contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) lit. b) GDPR.
5. OUR PRODUCTS AND SERVICES
We process the data of our interested parties, customers, service providers and suppliers within the framework of the provision of our contractual services. We may process inventory data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. photos, videos), contract data (e.g. subject matter of contract, duration), payment data and data collected in the course of the provision of services and/or processed for the provision of services.
The legal basis for this storage and processing is the fulfilment of the contract or the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b) GDPR.
6. VIDEO SURVEILLANCE
Some of our production sites are monitored by video. This monitoring is clearly indicated by signs. The legal basis for this storage and processing is Art. 6 (1) lit. b) GDPR. The purpose of video surveillance and our legitimate interest is to safeguard the rights of the home, to protect our employees from dangerous situations, to protect our property, in particular our business premises including equipment, and to preserve evidence after criminal offences. Only the management has access to the records. In individual cases, the records may be passed on to criminal prosecution authorities in accordance with their purpose. The deletion of the data is carried out by the system after 7 working days, provided that there are no incidents in the sense of our legitimate interest, which make a longer storage necessary.
7. COOKIES
Our website uses cookies. Cookies are pieces of information that are transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies may be small files or other types of information storage. Information is stored in cookies that is related to the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. A cookie also contains information about its origin and the storage period. However, this does not mean that we gain immediate knowledge of your identity.
When you visit our website, cookies are set that are absolutely necessary for the operation of the website. These essential cookies may be, for example, cookies that are necessary for the display of the website with a content management system (e.g., TYPO3), which are used to recognize language settings, or which are used to document whether you have consented to the setting of further (non-essential) cookies or whether you have rejected them.
The legal basis for the processing of personal data using essential cookies is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the operation of our website.
We also use non-essential cookies, for example to collect additional information about the interests of visitors to our websites or about their usage behavior, in order to analyze and optimize our website and generally our customer interactions on this basis.
The legal basis for the processing of personal data using such non-essential cookies is your express consent, which we ask you to give when you visit our website before non-essential cookies are set.
8. WEB ANALYTICS
We use web analytics services on our website or on parts of the website to record how our website is used by its visitors and to optimize the website and its presentation.
We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited ("Google"). Cookies are set as part of Google Analytics. In addition, data is transmitted to Google servers in the USA. Within the scope of IP anonymization, the collected IP address of the user is shortened by Google within the European Economic Area before being transmitted to the USA. Only in exceptional cases, in the event of technical faults in Europe, will the unabbreviated IP address be transmitted to Google in the USA and shortened there. The transmitted IP addresses will not be merged with other data from Google.
You can prevent the storage of cookies by setting your browser accordingly. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link, which informs Google Analytics via JavaScript that no data and information on visits to Internet pages may be transmitted to Google Analytics:
http://tools.google.com/dlpage/gaoptout?hl=de
Further information on data processing by Google can be found in Google's Privacy Policy:
https://www.google.com/policies/privacy
When using Google Analytics, personal data may be transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses) upon request.
The legal basis for this data processing is your express consent pursuant to Art. 6 (1) lit. a) GDPR.
You may prevent the use and storage of cookies as well as prevent Google from recording and processing the data generated by the cookies and pertaining to your use of the website (including your IP address). Simply download and install a browser plug-in available at the following link, and select the appropriate settings on your browser software:
https://tools.google.com/dlpage/gaoptout?hl=en
Alternatively, especially for mobile devices, you can prevent Google Analytics from recording and processing information by clicking the following link. An opt-out cookie is created that prevents the future recording of your visits to this website:
Deactivate Google Analytics
In addition, if necessary, you can of course revoke your consent at any time in our consent management system (the small "C" at the bottom left of the website).
9. SOCIAL MEDIA BUTTONS
On our website social media buttons of the social media network LinkedIn and Instagram are integrated.
If you click on one of these social media buttons, you will be redirected to our pages at the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has called the corresponding page on our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account at the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and settings regarding data protection, please refer to the respective data protection information of the providers of the social media networks.
The data protection information of the social media networks can be found here:
LinkedIn: https://www.linkedin.com/legal/privacy-policy
The legal basis for the integration and use of social media buttons is Art. 6 (1) lit. f) GDPR. Our predominant legitimate interest is the marketing of our offers and our website.
10. SOCIAL MEDIA PAGES ("FAN PAGES")
We maintain a publicly accessible profile on the social media network LinkedIn and Instagram ("Social Media Pages" or "Fan Pages").
If you visit our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyse your usage behaviour and assign the information collected to your account at the social media network and enrich it there. Even if you are not logged in or if you do not have an account at the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.
The operators of the social media networks can use this data to create user profiles. Your user profile can then be used to display interest-based ads both on social media network websites and on other websites.
If you visit one of our social media pages, we are jointly responsible with the social media network provider for the collection and processing of your personal data there. With regard to information about the collection and processing of your personal data that takes place there, we refer you to the data protection information of the respective social media network. We do not have any further information in this respect.
The data protection information of the social media networks can be found here:
LinkedIn: https://www.linkedin.com/legal/privacy-policy
We will be happy to provide you with information on suitable guarantees for data transfer to third countries in accordance with Art. 46 GDPR at any time on request.
You can assert your rights of data subjects in accordance with Chapter III of the GDPR (right to information, correction, deletion, restriction of processing, data transferability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of the rights affected within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.
The legal basis for our use of social media pages is Art. 6 (1) lit. f) GDPR. Our predominant legitimate interest is the presence and marketing of our products and services on the Internet.
11. FONTS
We use font libraries on this website in order to present the contents of our website in a correct and graphically appealing manner across all browsers. Calling up font libraries automatically triggers a connection to the library operator. The operator receives the information that the font required for our website has been called up from your IP address.
You can prevent the use of such libraries and the associated data transmission by installing a Java script blocker (e.g. www.noscript.net).
We use Adobe Fonts, provided by Adobe Systems Software Ireland Limited in Ireland. For more information on data processing by Adobe, please refer to Adobe’s privacy policy at https://www.adobe.com/privacy.html
The information transmitted to Adobe may be processed by Adobe, Inc., the parental company of Adobe Systems Software Ireland Limited, outside of the European Economic Area. We provide appropriate safeguards for this data transfer to a unsafe third country in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses) upon request.
Legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the optimisation and economic operation of our website, including the efficient and error-free display of fonts across devices and the legally compliant use of these fonts.
12. JOB APPLICATIONS
We collect and process personal data of applicants for the purpose of processing the application process. If an applicant submits his or her application documents to us electronically, they are processed electronically.
In the course of handling application procedures in our company, we work together with the application platform of the service provider Workwise GmbH, Imprint https://www.workwise.io/impressum. Recruitment on behalf of job seekers or employers is not order processing, but the use of a third-party specialist service provided by an independent controller (LDA-Bayern, FAQ list dated 20 July 2018). Further information on the data protection of the service provider Workwise GmbH can be found in the privacy policy https://www.workwise.io/datenschutz.
If we conclude an employment contract with an applicant, the data transmitted will be processed in order to carry out the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted immediately after completion of the application procedure, provided that deletion does not conflict with any overriding legitimate interest, such as the defence of claims or a preservation of evidence function according to the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).
The legal basis for this storage and processing is the performance of the contract or the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b) GDPR.
13. VIDEO CONFERENCES AND WEBINARS
If you participate in a video conference, webinar or online meeting etc. organized by us. (hereinafter "video conferences") organized by us, we process your personal data in the course of your participation.
When you participate in a video conference, various categories of data are processed. The scope of the data also depends on the data you provide before or during participation in a video conference.
If you participate in a video conference organized by us, you usually have to provide at least a name when registering. However, you can also use a pseudonym. Your IP address will also be processed to enable your participation and login information and device/hardware information will be stored. Your email address and profile picture will also be processed, if provided. If you dial in by phone, your phone number and IP address, if any, will be processed.
To enable participation in the video conference, data from your terminal's microphone and any terminal video camera and, if you share your screen, information from this "screenshare" is processed. You can switch off or mute the camera or microphone yourself at any time. You always decide yourself whether and which parts of your screen are shared.
Audio and video recordings of the video conference can be made. In this case, MP4 files of all video, audio and presentation recordings are processed. There will always be an indication of the recording if one is made and, if necessary, the explicit consent of the participants to the recording will always be obtained.
You may have the opportunity to use the chat, question or survey functions in a video conference. In this respect, the text entries you make are processed in order to display them in the video conference and, if necessary, to record them.
Insofar as personal data of our employees is processed, § 26 BDSG (German Federal Data Protection Act) is the legal basis for data processing, insofar as German law is applicable to the processing of employee data.
If German law is not applicable to the processing of employee data or if, in connection with participation in video conferences, the processing of personal data is not necessary for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of participation in a video conference, our overriding legitimate interest pursuant to Art. 6 (1) lit. f) GDPR is the legal basis for the data processing. In these cases, our legitimate interest is in the effective implementation of video conferences.
Furthermore, the legal basis for data processing when conducting video conferences is Art. 6 (1) lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships or with a view to initiating a contractual relationship (for example, in the case of video conferences with our clients in the context of the implementation of a project or participation in a webinar).
Furthermore, the legal basis for data processing in the context of your participation in a video conference organized by us is our legitimate interest pursuant to Art. 6 (1) f) GDPR. Our legitimate interest in these cases is the effective implementation of video conferences.
We use one or more service providers as processors for the implementation of video conferences on the basis of a data processing agreement pursuant to Art. 28 GDPR.
This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. In this case, we provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses) upon request.
14. WHISTLEBLOWING SYSTEM
Purpose:
We provide an internal whistleblowing system to receive, process and manage information about potential misconduct, violations of the law and other misconduct within the company in a secure and confidential manner.
Whistleblower
Our internal whistleblowing system is available to employees and former employees of our company and third parties (e.g. customers, business partners, suppliers, employees of affiliated companies).
Type of Reports:
In the case of an anonymous report, our whistleblowing system does not collect and process any personal data of the whistleblower. In the case of a confidential report, only the external operator of our whistleblowing system CONFDNT has the contact details of the whistleblower, but these are not disclosed to us. In the case of a confidential report, we have the option of communicating directly with the whistleblower, e.g., to confirm receipt of the report, to ask questions about the facts, and to inform the whistleblower about the measures taken. However, we do not receive any information about the identity of the whistleblower. The external operator of our whistleblowing system CONFDNT acts as an "anonymization layer" between us and the whistleblowers. In the case of a transparent report, the contact person responsible for handling reports in our company is given access to the data on the identity of the whistleblower and can communicate directly with the whistleblower. In accordance with the EU Whistleblower Directive, we are obliged to maintain the confidentiality of the identity of the whistleblower, i.e. only the employee(s) who handle the respective report know the identity of the whistleblower, no one else in the company.
Personal Data Processed:
When a report is provided via the whistleblowing system, the following personal data is processed by us:
- Name and contact details of the whistleblower, if provided in the case of a transparent report; in the case of a confidential report, the external operator of our whistleblowing system CONFDNT will not disclose the whistleblower's personal data to us; in the case of an anonymous report, no personal data of the whistleblower will be processed at all
- The IP address of the whistleblower is not stored for processing a message within the application. To ensure the availability, confidentiality and integrity of the server and the applications and interfaces connected to the server, accesses to the server are logged in order to be able to detect and deal with potential security breaches. Accesses that cannot be associated with any security breach are deleted after one calendar month at the latest due to maintenance intervals.
- Company affiliation or function are processed if provided in a report
- Personal data of persons named in a report are processed for the investigation or treatment of a report
Communication between the computer of the whistleblower and the whistleblowing system takes place via an encrypted connection (SSL). To maintain the connection between the computer and the whistleblowing system, a cookie is stored on the computer that only contains the session ID (so-called zero cookie). The cookie is only valid until the end of the respective session and is deleted when the browser is closed.
Confidential Treatment of Reports and Disclosure:
Incoming reports are received and processed by a small number of authorized employees. These employees are expressly obliged to treat all reports confidentially at all times. These responsible employees examine the report and, if necessary, carry out further case-related investigations of the facts.
As part of the investigations of the facts and, if necessary, the subsequent initiation of measures, it may be necessary to pass on information to other employees of the company. This is done exclusively within the scope of what is necessary for the investigations or initiation of measures, and we always ensure that the relevant data protection provisions are complied with when passing on information.
In certain cases, there is an obligation under data protection law to inform the accused person of the allegations made against him or her. This is required by law if it is objectively determined that providing information to the accused person cannot (any longer) impair the specific investigation of the report. In this context, the identity of the whistleblower is not disclosed, insofar as this is legally possible, and it is ensured that no conclusions can be drawn about the identity of the whistleblower.
When knowingly providing false reports with the aim of discrediting a person (denunciation), the confidentiality of the whistleblower's identity cannot be guaranteed.
In the event of a legal obligation or data protection law requirement for the investigation of reports, further categories of possible recipients are law enforcement authorities, antitrust authorities, other administrative authorities, courts, and law firms and auditing firms commissioned by us.
Setting Up an Account:
Whistleblowers set up an account for their report. The account can be accessed via a QR code and/or an individual link. The account can be used for communication between the employees entrusted with handling the report and the whistleblower. No additional personal data is collected when creating and using the account. The use of the whistleblowing system can be tracked anonymously, but no conclusions can be drawn about individual users.
Individual reports are uniquely identified by an identification number. The identification number is in no way used to identify the whistleblower, but merely to logically separate different reports and whistleblowers from one another.
The personal data entered in the whistleblowing system can be viewed by the whistleblower in the account at any time. The whistleblowing system does not store any personal data other than the personal data specified in the account.
All data entered by the whistleblower is stored individually encrypted in a database.
Legal Basis:
The processing of personal data within the whistleblowing system is based on the fulfillment of legal obligations and our overriding legitimate interest in the detection and prevention of wrongdoing and the associated prevention of damage and liability risks for the company. Accordingly, the legal basis is Art. 6 Para. 1 lit. c) and lit. f) GDPR in conjunction with Sections 30, 130 OWiG (if German law is applicable).
If a report relates to one of our employees, the processing also serves to prevent and detect criminal offenses or other legal violations that are related to the employment relationship. The legal basis in this case is § 26 (1) BDSG (if German law is applicable).
Retention and Deletion:
Personal data will be retained for as long as is necessary for the internal investigations and the final assessment of a report, or if there is a legitimate interest on the part of the company, or if this is required by law.
Afterwards, the data is deleted in accordance with the legal requirements. The duration of storage depends in particular on the severity of the suspicion and the reported possible breach of duty.
The data collected is generally deleted within two months of the conclusion of the internal investigation.
If criminal, disciplinary or civil court proceedings are initiated as a result of misconduct within the meaning of this Policy or misuse of the whistleblowing system, the storage period may be extended until the respective proceedings have been finally concluded.
Personal data that is obviously not relevant for the processing of a specific report will not be collected or will be deleted immediately if it was collected unintentionally.
Service Provider
Our whistleblowing system is provided by the service provider CONFDNT GmbH in Germany on the basis of a data processing agreement pursuant to Art. 28 GDPR.
15. AGE RESTRICTION
This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personally identifiable information from or about anyone under the age of 16.
16. RECIPIENTS OF DATA
Within our company, those internal departments or organisational units receive your data which they need to fulfil their tasks, to fulfil contracts with you if necessary, for data processing with your consent or to safeguard our overriding legitimate interests.
Data will only be passed on to third parties within the framework of legal requirements. We will only pass on your data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 (1) lit. b) GDPR or to safeguard our overriding legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in the effective conduct of our business operations.
Insofar as we use service providers or third-party providers within the framework of the provision of the website and/or the provision of our services, we take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of your personal data.
If we use content or tools from service providers or third-party providers in the course of providing the website and/or our services and their registered office is in a third country, data is regularly transferred to a third country. Third countries are countries in which the GDPR is not a directly applicable law, i.e. countries outside the EU or the European Economic Area. Data will only be transferred to third countries if there is either an adequate level of data protection, consent or other legal permission, in particular a suitable guarantee pursuant to Art. 46 GDPR.
17. YOUR RIGHTS
You have the right to free information about your stored personal data, their origin and recipient and the purpose of data processing and a right to correction, blocking or deletion of this data. You also have the right to limit the processing and to object to the processing.
You also have the right to have your data, which we process automatically, handed over to you or to a third party in a common, machine-readable format.
To assert your rights, please contact us using the contact details given above.
You also have the right to lodge a complaint with the relevant data protection supervisory authority.
18. REVOCATION OF CONSENT
Some data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, an informal notification by e-mail to us at the contact details given above is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
19. RIGHT OF OBJECTION
AS FAR AS YOUR DATA ARE PROCESSED, AS EXPLAINED IN THIS DATA PROTECTION INFORMATION, TO PROTECT OUR OVERRIDING LEGITIMATE INTERESTS, YOU CAN OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE. PLEASE CONTACT US USING THE CONTACT DETAILS GIVEN ABOVE.
YOU ARE ONLY ENTITLED TO THIS RIGHT OF OBJECTION IF THERE ARE REASONS ARISING FROM YOUR PARTICULAR SITUATION (ART. 21 (1) GDPR). AFTER EXERCISING YOUR RIGHT OF OBJECTION, YOUR PERSONAL DATA WILL NOT BE FURTHER PROCESSED FOR THESE PURPOSES, UNLESS WE CAN PROVE COMPELLING REASONS FOR PROCESSING WORTHY OF PROTECTION THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF THE PROCESSING IS FOR THE PURPOSE OF DIRECT ADVERTISING, YOU MAY EXERCISE YOUR RIGHT TO OBJECT AT ANY TIME (ART. 21 (2) GDPR) AND YOUR PERSONAL DATA WILL THEN NO LONGER BE PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, REGARDLESS OF THE REASONS FOR THE OBJECTION.
20. COMPULSORY DATA
The provision of personal data is neither required by law nor by contract, and you are not obliged to provide personal data, although the provision of personal information is required for the conclusion of a contract to the extent that certain details are required in order to conclude (and perform) a contract.
21. AUTOMATED DECISION MAKING
We do not perform automated decision making, including profiling.
22. STORAGE AND DELETION
We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as necessary to achieve the purposes stated here or as required by the storage periods provided for by law.
If the storage purpose no longer applies or if a storage period provided for by law expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.
23. TECHNICAL AND ORGANIZATIONAL MEASURES
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries or payment data, which you send to us.
24. AMENDMENT OF THIS PRIVACY POLICY
We reserve the right to amend this data protection declaration from time to time so that it always complies with current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your renewed visit will then be subject to the new data protection declaration.